2 essential add-ons for ISPConfig3

After the installation of an OS, for example Debian, following one of the excellent "perfect servers" how-tos and then installing ISPConfig3, there are a few more things I consider to be essential:

- install Mod_Security.
This can be skipped if you use only software that is guaranteed to be secure.
Mod_security needs some work for fine-tuning, but if you run a hosting environment for clients or if you use opensource software, Mod_Security might save you more than just a couple bucks...

- install the PEAR mail package
Most if not almost all software packages involving mailing to users make use of the PHP mail()/sendmail function.
The problem with this is that regardless of all your efforts using SPF and setting PTRs, your mail will be stopped by spamfilters of all major email providers because it was not sent using SMTP auth.
PEAR provides a simple way for sending mail using SMTP auth, so you increase your website's reach.

To be able to display (and switch between) sites that have been setup on the server to display as default when browsing to the server's IP or FQH is useful for example when developing a site when the DNS has not been set to point there, or to host stuff without using a domain name

To achieve this, do:

in /etc/apache2/sites-enabled
rename 000-default (or similar) to something like _000-default
then *copy* the file with the domain you want to appear as default into 000-default (same file name as was renamed above)
restart apache.

to switch to another default site, just copy another domain file to 000-default

to switch back to default behavior, copy back _000-default to 000-default
(and restart apache after every change)

To be able to display (and switch between) sites that have been setup on the server to display as default when browsing to the server's IP or FQH is useful for example when developing a site when the DNS has not been set to point there, or to host stuff without using a domain name

To achieve this, do:

in /etc/apache2/sites-enabled
rename 000-default (or similar) to something like _000-default
then *copy* the file with the domain you want to appear as default into 000-default (same file name as was renamed above)
restart apache.

to switch to another default site, just copy another domain file to 000-default

to switch back to default behavior, copy back _000-default to 000-default
(and restart apache after every change)

For me a essential add-on is cluebringer for postfix. It provides access control, spf check, greylist, helo/ehlo checks and quota support. It's written in perl and support mysql/sqlite/postgresql. All with a web interface, just awesome!

another observation:
if you install a vserver: these usually don't allow access to IPTABLES, since they are built into the kernel that is common to all vservers on the host.
So your fail2ban is going to be ineffective in the default config.

another observation:
if you install a vserver: these usually don't allow access to IPTABLES, since they are built into the kernel that is common to all vservers on the host.
So your fail2ban is going to be ineffective in the default config.